This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

SharePoint Affected by ASP.NET Vulnerability

The Microsoft SharePoint team blog updated its Security Advisory 2416728--"Vulnerability in ASP.NET and SharePoint" on 9/22/10, adding this note (bolding is their emphasis):

"We originally stated that SharePoint Server 2007 and Windows SharePoint Services 3.0 did not require the workaround to be applied, however, we have recently discovered through testing that a variant of the issue
does affect SharePoint Server 2007 and Windows SharePoint Services 3.0 and also requires extra steps in the workaround for SharePoint Server 2010 (Steps 5-9). Customers with these versions should refer to the relevant workaround below. We will continue to keep this post updated with the latest guidance."

The workarounds, Microsoft adds, "do not fix the underlying issue but help to block known attack vectors until an ASP.NET security update is released.
... We recommend that all affected SharePoint customers apply the workaround as soon as possible. You should apply the workaround to
every web front-end in your SharePoint farm."